Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-1097
PUBLISHED
More InfoOfficial Page
Assigner-Baicells
Assigner Org ID-084566ad-deee-4e89-acff-6b7b1bf9d4b7
View Known Exploited Vulnerability (KEV) details
Published At-01 Mar, 2023 | 19:29
Updated At-07 Mar, 2025 | 15:53
Rejected At-
▼CVE Numbering Authority (CNA)
Unauthenticated Command Injection EG7035-M11 Series

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

Affected Products
Vendor
Baicells TechnologiesBaicells
Product
EG7035-M11
Platforms
  • BCE
Default Status
unaffected
Versions
Affected
  • From 0 through BCE-ODU-1.0.8 (patch)
    • -> unaffectedfromBaiCE_BM_2.5.26
Problem Types
TypeCWE IDDescription
CWECWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.3CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-108CAPEC-108 Command Line Execution through SQL Injection
CAPEC ID: CAPEC-108
Description: CAPEC-108 Command Line Execution through SQL Injection
Solutions

Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade their product to the BaiCE_BM_2.5.26 firmware.

Configurations

CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method.

Workarounds
Exploits
Credits
finder
Lionel Musonza
remediation developer
Baicells Security Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756
patch
release-notes
https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin
patch
Hyperlink: https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756
Resource:
patch
release-notes
Hyperlink: https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756
patch
release-notes
x_transferred
https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin
patch
x_transferred
Hyperlink: https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756
Resource:
patch
release-notes
x_transferred
Hyperlink: https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin
Resource:
patch
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found